SSO/Rest

The Easiest Way to Achieve Zero Trust Access Management in the Cloud

SSO/Rest provides your enterprise with a lightweight, transparent way to deploy your applications to the Cloud while still protecting them with the full power and capabilities of your existing Web Access Management (WAM) platform. Crucially, SSO/Rest delivers Zero Trust Access Management, ensuring that every request gets vetted before ever touching your applications or resources.

If your organization has yet to implement an enterprise WAM solution, is running pre-Cloud WAM, or uses Cloud IDM, then SSO/Rest provides a flexible, powerful, and vendor-independent way to fully secure your resources.

How It Works

SSO/Rest was built to solve the central problem plaguing enterprises that wish to extend the protection of their WAM solutions to the Cloud: that all pre-Cloud SSO products depend on agents or proxies that work poorly in the Cloud – both because of their “heaviness” and their reliance on vendor proprietary communication protocols.

A crucial element of Zero Trust, every request for access is checked against fine-grained access control policies by a policy decision point (PDP). The policy is then enforced by the SSO/Rest Plugin.

Single Sign On

Although both federation and SSO/Rest provide single sign-on, SSO/Rest provides SSO without sacrificing real-time enforcement, in accordance with the principle of Zero Trust.

Idle Session Timeout

SSO/Rest gives you the ability to close an idle session in real-time, while federation-based idle sessions simply persist until the session token expires. This greatly reduces your vulnerability to session hijacking attacks.

Control Session Duration

The more applications you have, the more difficult it is to enforce a maximum session duration across them. Since SSO/Rest sessions are centrally managed in real time, it becomes trivial to control session duration.

Centralized Audit

SSO/Rest allows you to easily and naturally generate centralized audit trails. While theoretically also possible via federation, the difficulty of coordinating end-to-end logs across many applications makes audit centralization very difficult, if not impossible.

Web Access Management

Together, the plugins and the SSO/Rest Gateway create a virtual perimeter, safely providing full WAM to all your critical resources, whether they reside in your data center or have been deployed to the Cloud. By extending true WAM (as opposed to the more limited functionality provided by federation), SSO/Rest provides not only authentication and Single Sign On but also: